Merge pull request #8026 from heyitsanthony/document-cn
op-guide: document CN certs in security.md
mitake committed Jun 5, 2017
2 parents ace1760 + 68e0e4a commit 3cbbb54
Showing 2 changed files with 4 additions and 2 deletions.
3 changes: 2 additions & 1 deletion Documentation/op-guide/security.md
Expand Up @@ -16,7 +16,7 @@ etcd takes several certificate related configuration options, either through com

`--key-file=<path>`: Key for the certificate. Must be unencrypted.

`--client-cert-auth`: When this is set etcd will check all incoming HTTPS requests for a client certificate signed by the trusted CA, requests that don't supply a valid client certificate will fail.
`--client-cert-auth`: When this is set etcd will check all incoming HTTPS requests for a client certificate signed by the trusted CA, requests that don't supply a valid client certificate will fail. If [authentication][auth] is enabled, the certificate provides credentials for the user name given by the Common Name field.

`--trusted-ca-file=<path>`: Trusted certificate authority.

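Review bot: The sentence added to `--client-cert-auth` leaves the trust consequence unstated: with authentication enabled, any certificate signed by the trusted CA whose Common Name equals a user name serves as that user's credentials, so the CA's issuance policy becomes part of access control. Suggest saying that explicitly, and documenting what happens when the Common Name matches no existing user and whether other credentials sent with the same request take precedence over the certificate.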
Expand Down Expand Up @@ -222,3 +222,4 @@ The certificate needs to be signed for the member's FQDN in its Subject Name, us
[tls-setup]: ../../hack/tls-setup
[tls-guide]: https://github.com/coreos/docs/blob/master/os/generate-self-signed-certificates.md
[alt-name]: http://wiki.cacert.org/FAQ/subjectAltName
[auth]: authentication.md
3 changes: 2 additions & 1 deletion Documentation/v2/security.md
Expand Up @@ -16,7 +16,7 @@ etcd takes several certificate related configuration options, either through com

`--key-file=<path>`: Key for the certificate. Must be unencrypted.

`--client-cert-auth`: When this is set etcd will check all incoming HTTPS requests for a client certificate signed by the trusted CA, requests that don't supply a valid client certificate will fail.
`--client-cert-auth`: When this is set etcd will check all incoming HTTPS requests for a client certificate signed by the trusted CA, requests that don't supply a valid client certificate will fail. If [authentication][auth] is enabled, the certificate provides credentials for the user name given by the Common Name field.

`--trusted-ca-file=<path>`: Trusted certificate authority.

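Review bot: The `--client-cert-auth` sentence here is copied verbatim from Documentation/op-guide/security.md, and nothing in this hunk shows that the v2 API maps the Common Name to a user in the same way. Please confirm the behaviour for v2 before documenting it, and if it differs or does not apply, drop the sentence from this file or reword it to say what v2 actually does.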
Expand Down Expand Up @@ -191,3 +191,4 @@ If you need your certificate to be signed for your member's FQDN in its Subject
[tls-setup]: ../../hack/tls-setup
[tls-guide]: https://github.com/coreos/docs/blob/master/os/generate-self-signed-certificates.md
[alt-name]: http://wiki.cacert.org/FAQ/subjectAltName
[auth]: authentication.md
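Review bot: `[auth]: authentication.md` is a bare relative path, so in this file it resolves inside Documentation/v2/, a different target from the identically written definition added to Documentation/op-guide/security.md. Confirm that an authentication.md exists in each directory and that the v2 page is the one v2 readers should land on when following the link from the `--client-cert-auth` description.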
